<?php
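// Change-password form handler: runs only when the submit field is present in the POST body.
// NOTE(review): $user_id is not assigned anywhere in this file. It must come from the
// authenticated server-side session, never from request data; confirm in the including script.
// NOTE(review): no anti-CSRF token is checked here; confirm one is enforced before this runs,
// since this request changes a credential.
if(isset($_POST['password_submit']))
{
	// A missing or non-string field (e.g. an array-valued parameter) is treated as empty,
	// so is_pass() reports "fields incomplete" instead of raising undefined-index notices
	// or passing an array on to strlen()/md5().
	$orginPassword = (isset($_POST['orginPassword']) && is_string($_POST['orginPassword'])) ? $_POST['orginPassword'] : '';
	$newPassword = (isset($_POST['newPassword']) && is_string($_POST['newPassword'])) ? $_POST['newPassword'] : '';
	$reNewPassword = (isset($_POST['reNewPassword']) && is_string($_POST['reNewPassword'])) ? $_POST['reNewPassword'] : '';

	// in(..., true) trims, HTML-encodes and slash-escapes each value before is_pass() hashes it,
	// so the stored hash covers the transformed text rather than what the user typed.
	// Presumably registration and login apply the same transformation; verify before changing it.
	$orginPassword = in($orginPassword,true);
	$newPassword = in($newPassword,true);
	$reNewPassword = in($reNewPassword,true);

	is_pass($orginPassword,$newPassword,$reNewPassword,$user_id);
}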
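/**
 * Input filter: trims, HTML-encodes and slash-escapes strings, recursing into arrays.
 *
 * Security caveats for maintainers:
 *  - HTML-encoding at input time changes the stored value and does not replace
 *    context-aware encoding where the value is later written to a page.
 *  - addslashes() is not aware of the connection character set and gives no protection
 *    for values placed in SQL without quotes (such as numeric ids). Treat it as a legacy
 *    stop-gap; parameterized queries (PDO or mysqli prepared statements) are the reliable
 *    defence against SQL injection.
 *
 * @param mixed $data  String, array of values, or any other value (returned unchanged).
 * @param bool  $force When true, always slash-escape strings, even if magic quotes are on.
 *                     Not passed down to array elements; they are filtered with the default.
 * @return mixed The filtered value, of the same shape as the input.
 */
function in($data,$force=false)
{
	if(is_string($data))
	{
		// Intended to block injected markup / cross-site scripting (see caveat above).
		$data = trim(htmlspecialchars($data));

		// Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself no longer
		// exists in PHP 8, so it is only consulted on runtimes that can still have it enabled.
		$magicQuotesOn = version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc();

		if($force || !$magicQuotesOn)
		{
			// Intended to block SQL injection (see caveat above).
			$data = addslashes($data);
		}
		return $data;
	}

	if(is_array($data))
	{
		// Arrays are filtered element by element, recursively.
		foreach($data as $key=>$value)
		{
			$data[$key] = in($value);
		}
		return $data;
	}

	// Integers, null, objects and so on pass through untouched.
	return $data;
}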


// Checks whether the supplied original password is correct: returns true if it is, false otherwise.
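/**
 * Validates a change-password request and, when the original password matches the stored
 * hash for $user_id, stores the new password and sets qq_status to '1'.
 *
 * An HTML status message (or the literal text "error") is echoed in every case.
 *
 * Security notes for maintainers:
 *  - Passwords are stored as unsalted MD5, which is not suitable for password storage.
 *    Moving to password_hash()/password_verify() needs a coordinated change with the
 *    login and registration code, which is not visible here, so it is only flagged.
 *  - The legacy mysql_* API offers no prepared statements. The only values placed in the
 *    SQL below are MD5 hex digests and an integer-cast id.
 *
 * @param string $orginPassword Current password as submitted.
 * @param string $newPassword   Requested new password.
 * @param string $reNewPassword Confirmation of the new password.
 * @param int    $user_id       Id of the account to update.
 * @return bool True when the password was updated, false otherwise.
 */
function is_pass($orginPassword,$newPassword,$reNewPassword,$user_id)
{
	if(empty($orginPassword) || empty($newPassword) || empty($reNewPassword))
	{
		echo '<span style="color:red;" id="login_fail_tip">请填完原始密码和新密码</span>';
		return false;
	}

	// Each value must be 6 to 15 bytes long.
	foreach(array($orginPassword, $newPassword, $reNewPassword) as $candidate)
	{
		$length = strlen($candidate);
		if($length <= 5 || $length >= 16)
		{
			echo '<span style="color:red;" id="login_fail_tip">密码长度请保持在6-15位的数字或者字符</span>';
			return false;
		}
	}

	// Strict string comparison: with ==, numeric strings such as "100000" and "1000e2"
	// compare equal, which would let a mismatched confirmation through.
	if((string)$newPassword !== (string)$reNewPassword)
	{
		echo '<span style="color:red;" id="login_fail_tip">密码重复输入不一致</span>';
		return false;
	}

	// The id is interpolated into SQL without quotes, so force it to an integer first.
	$user_id = (int)$user_id;

	$orginPasswordHandle = md5($orginPassword);
	$sql_pass = mysql_query("select id from food_user_basic where user_pass = '$orginPasswordHandle' and id = $user_id");
	if($sql_pass === false)
	{
		// Keep database error details in the server log instead of sending them to the client.
		error_log('is_pass: password lookup failed: '.mysql_error());
		die('error');
	}

	if(mysql_num_rows($sql_pass) != 1)
	{
		echo '<span style="color:red;" id="login_fail_tip">原始密码错误</span>';
		return false;
	}

	// A single UPDATE writes both columns, so success is reported only when the
	// password itself was actually written.
	$newPasswordHandle = md5($newPassword);
	$updated = mysql_query("update food_user_basic set `user_pass` = '$newPasswordHandle', `qq_status` = '1' where id = $user_id");
	if(!$updated)
	{
		error_log('is_pass: password update failed: '.mysql_error());
		echo 'error';
		return false;
	}

	echo '<span style="color:red;" id="login_fail_tip">修改成功</span>';
	return true;
}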
	






  

?>

